Find notable cyber news and cases, enriched with sources, timelines, and signals.

Ousaban banking trojan retooled for Spain and Portugal

Malware Activity
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The Ousaban banking trojan has been retooled to target banking customers in Spain and Portugal, raising the risk of credential theft and bank fraud. It uses phishing PDFs, steganography and geofencing to keep the attack hidden, and it has been active since May 2026. Once it reaches a bank login, it can capture screenshots, run keylogging, inject clipboard data and take remote control of the victim system.

Related Happenings

NFCShare fake banking-app update phishing campaign

Campaign
H score40 First: 09.06.2026 01:11 Last: 09.06.2026 01:11 Sources 1

About this happening: The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
H score26 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

Massiv Android banking malware disguised as IPTV app

Malware Activity
H score27 First: 19.02.2026 12:00 Last: 19.02.2026 12:00 Sources 1

About this happening: The **Massiv** Android banking malware is posing as an **IPTV app** to steal digital identities and access **online banking accounts**. It uses **screen overlays**, **keylogging**...

RelayNFC Android NFC relay malware targeting Brazilian banking users

Malware Activity
H score21 First: 03.12.2025 17:32 Last: 03.12.2025 17:32 Sources 1

About this happening: The **RelayNFC** malware is actively targeting **Brazilian banking users** with **Android**-based **NFC relay attacks**, creating a path to steal contactless payment data and enab...

Timeline

  1. 01.07.2026 16:45 2 articles · 8d ago

    Ousaban banking trojan retooled for Spain and Portugal

    Initial Disclosure

    The initial lure is a **phishing PDF** disguised as a broken file that urges a click on an **Update** button. That leads to a fake **government tax portal** that profiles the visitor before delivering the payload.

    Show sources